Advice needed

So in my search for more knowledge, and training more suited for my learning style, I came across a course. I downloaded the required files and went to install it. Of course when I did so, my resident AV (ThreatFire) popped up.

Now I was expecting to find some virus code in the application, as it contains code for examination, as well as tools for the user's use. However, the detected infection was Win.32.Parite, identified as a virus that does the same as most viruses: replicates copies of itself.

I wanted to verify it was not a FP, so I am currently scanning the drive (it's an external) using AVG. It has detected Win32.Parite as well as the expected tools and variations of something called Linux/Agent6.(variant#).

My thinking is that the so-called virus has not infected any files outside of the program's files, which I would think it would infect as much as it could.

I could use some quick advice on this. I spent quite a lot of time DL'ing the files, and I don't want to delete them on a whim. Also, if anyone would like to volunteer to examine the files, I have them in .rar's and I can attempt to send them, just PM me.

I must admit myself confused. The registry value indicated that the virus executed as intended, adding one registry value. A second scan of the hard disk from a different AV vendor confirmed the presence of Parite, but only in the application's files; no other executables have been infected.

It's possible. I made a thread about the possibilities of something similar, if you care to comment: http://forums.remote-exploit.org/gen...positives.html. None of my AV products, run on different computers, have noted any infection outside of the files themselves. I wish I knew how to analyze the files myself; I have no code experience, but I intend to learn one day. IAC, anyone know of any basic tutorials?

Well, there are "sandboxes" one can allow the code to run in, to see what happens.
I would tell you to hook a debugger to it and let it run, but that may not do you any good right now.
Try looking for info on debuggers if you are so interested.
IDA PRO Free is included in bt4 pre. It runs under Wine. So it works on Windows.
Might be best to delete and re-download?